alloy-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass AI safety filters or override system prompts. The instructional tone is standard for specialized agent skills.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file access patterns were identified. The skill correctly recommends using native secure storage (Keychain/KeyStore) for authentication tokens.
- [Remote Code Execution] (SAFE): No patterns for downloading or executing code from untrusted remote sources were detected. Reference files and assets are internal to the skill directory.
- [Obfuscation] (SAFE): The content is clear markdown and code without any encoding (Base64), zero-width characters, or homoglyphs.
- [Security Practices] (SAFE): The skill explicitly includes a section on security patterns (Token storage, certificate pinning, encryption, OWASP), which aligns with industry best practices.
Audit Metadata